How Will Microsoft Handle GitHub's Controversial Code?

Share

How Will Microsoft Handle GitHub's Controversial Code?

Michael Short/Bloomberg/Getty Images

After a weekend of rumors, Microsoft officially announced Monday that it will acquire the code repository site GitHub for $7.5 billion in stock. The platform is an important resource for some 28 million developers and home to billions of lines of open source code. It's in many ways a natural fit for Microsoft, which has in recent years warmed up to open source.

But the beloved developer platform may also introduce moderation headaches. Microsoft will soon need to formally decide what will happen to the many GitHub repositories that conflict with its own interests. The tech giant will face similar content moderations challenges that peers like Facebook and Google have, but with code instead of speech.

Created over a decade ago, GitHub is where developers at nearly every major software organization, from Google to NASA, collaborate. It hosts projects as diverse as Bitcoin's code and all of the German government's laws and regulations. The platform functions as a kind of social network for coders; their contributions to the site can serve as a stand-in for a traditional resume. Anyone can publish open source code to GitHub for free; the platform makes money by charging individuals and corporations to keep their code private.

GitHub's 85 million repositories help to make it one of the world's most popular websites. They include, however, projects that GitHub's new owner might take issue with.

Microsoft's Burden

Take as an example the Xbox emulators hosted on GitHub. These often-homemade programs allow people to play console games on their computers. Microsoft owns Xbox, and ostensibly loses money when gamers decline to buy consoles and play on desktop instead. These emulators pose an interesting problem: Microsoft will likely anger developers if it takes them down, but not doing so would be against its own business interests. It's a simple example, but there are plenty of other conflicts that arise from Microsoft gaining control over GitHub.

Microsoft will have to think carefully about whether it wants to host tools that enable people to create things widely thought of as harmful.

GitHub also houses the code that allows people to create deepfakes, nonconsensual porn videos that use artificial intelligence to transpose one person's face onto another's body. First reported by Motherboard, deepfakes have since been banned by nearly every major social network. But the code used to create them still lives on GitHub, presenting a potential ethical issue for Microsoft.

And in many ways, moderating code used to create objectionable content is thornier than simply banning the content itself. One could theoretically argue, for example, that continuing to host the deepfake code serves an educational purpose.

Taking down one piece of objectionable content is not the same as "taking down the code that could maybe generate a million pieces of content," says Sarah T. Roberts, an assistant professor of information studies at UCLA who researches content moderation. "The implications are different."

Code that helps to create objectionable content isn't itself objectionable, but Microsoft will have to think carefully about whether it wants to host tools that enable people to create things widely thought of as harmful, though not outright illegal. It's a question that other user-generated content platforms, like Facebook, don't have to consider in the same way.

International Headaches

Microsoft may also face problems with GitHub overseas, specifically in China. Unlike sites like Facebook, China's government cannot simply block GitHub wholesale, which would prevent its own developers from accessing valuable open source code. But GitHub also hosts content that the country's government would rather censor, like readings related to the 1989 student-lead protests in Beijing's Tiananmen Square.

In fact, analysts believe that in 2015 China launched a denial of service attack against specific GitHub pages, attempting to flood them with traffic in an effort to get them taken down. They included a page for GreatFire, which provides tools for circumventing China's internet censorship, as well as the Chinese edition of The New York Times. A year later, China tried to get GitHub to remove content simply by asking nicely. GitHub declined. Some worry Microsoft may be more willing to appease similar Chinese demands, since the company has other business interests there.

"GitHub isn't a perfect defender of censorship, but they still host Tiananmen Square stuff. That's likely to disappear under Microsoft," says Rob Graham, CEO of Errata Security, who helped trace the 2015 DDOS attack to China.

GitHub has also been censored in a number of other countries where Microsoft has business interests, including Russia and India. The former temporarily blocked access to GitHub in 2014 for hosting pages that described methods for committing suicide. The latter restricted GitHub, as well as a number of other sites, for hosting content purported to have been published by ISIS. It's worth noting, though, that Microsoft also owns LinkedIn, which has faced similar censorship problems abroad; these wouldn't be entirely new challenges for the company.

Been There Before

Like all websites that host user-generated content, GitHub has made a number of difficult moderation decisions already. In 2016, the site decided to delete code posted by the Shadow Brokers, a hacking group that obtained exploits linked to the National Security Agency. It did so because the Shadow Brokers were attempting to sell access to additional stolen data, a violation of GitHub's Terms of Service. But the site continues to sometimes host other stolen code, just not when it's for sale. That, too, could pose a dilemma for Microsoft.

'GitHub isn't a perfect defender of censorship, but they still host Tiananmen Square stuff. That's likely to disappear under Microsoft.'

Robert Graham, Errata Security

Like other tech companies, GitHub publishes an annual transparency report, where it details how many times it took down repositories and why it chose to take those actions. The site also has a written list of Community Guidelines, which prohibits things like threats of violence, hate speech, and harassment. Importantly, it also bans using the site to publish active malware or exploits. Recently, GitHub even worked with the United Nations on a research report related to content moderation and free expression.

Still, the acquisition has spooked some developers. GitLab, a site that offers a similar, competing service to GitHub, says it saw a spike in projects being imported to its site after the Microsoft announcement. And the top trending repository on GitHub Tuesday was the "GitHub Evacuation Center," created to help users move their projects elsewhere.

For now though, developer concerns about Microsoft's rule remain theoretical. It's unclear how Microsoft will moderate GitHub. With the deal not yet finalized, both companies have declined to offer further details. Microsoft, though, has publicly acknowledged the responsibility that it's taking on.

"We are committed to being stewards of the GitHub community, which will retain its developer-first ethos, operate independently and remain an open platform," wrote Microsoft's CEO Satya Nadella in a blog post announcing the acquisition. Keeping that promise might prove trickier than expected.